'Webmail makes users choose easy passwords' - mine does not - it gives me a pain-in-the-arse-to-remember one and I cannot set it myself - but yes, most webmail systems allow you to choose.

I may have expressed that better. What I meant to say was that users often deliberately pick easy-to-remember passwords precisely because they use webmail a lot on non-owned computers. If they had IMAP access it would mean they'd have to enter the password once to set things up and you could enforce complexity a lot easier, but webmail needs entering the details every time (not on their own machine) and convenience still precedes security for most people. You can impose complexity, but then you just move the problem to the user carrying along a piece of paper.

If users absolutely want webmail, 2FA ought to be mandatory.

